We love WordPress — unabashedly! We design and develop in this ever-evolving and maturing application on a regular basis.  It has come SO far over the past decade and, in the remarkable vein of GPL and open-source application development everywhere, there is an enormous community of users, developers and advocates out there that provide encouragement and support.

What’s the best part about WordPress?  Its accessibility.  Hands down.  It’s user friendly and simple where it should be and with the release of the 3.x architecture, it has actually taken leaps forward towards becoming a Content Management System (our designers and developers here will attest to this, somewhat begrudgingly, as it removes some of the ease-of-use of a blog {think auto-menu items with some of the new features}).

What’s the worst part about WordPress?  Left alone and without an initial security detail and on-going regular maintenance, it’s as vulnerable as any open source, widely used application (think Zen Cart).  In fact, one of the clear downsides to using open source solutions is that, well, everyone else can (and does), too.  And this means along the infiltration spectrum, anyone from your backyard script kiddie to a hired spam minion, can and does find holes to make your life difficult.

So why take the risk, you ask?  Because WP is an elegant solution, even for average ecommerce.  Yes, that’s right, ecommerce.  And the risk is minimal if you perform a couple of tech-common sense (and some not so much) tasks upon setting up your WP installation and then as you maintain it.

WordPress has released a security 101 document that provides decent security practices that all WordPress administrators should consider following.  The most important of these (and the most important lesson for everyone who logs in to any website) is securing your password.  There are zillions of articles about this very topic on the web (just google ‘password vulnerabilities’) and yet occasionally I am still surprised at the simple passwords that folks use. 🙂

Changing your password every 6 months?  Some techs will suggest this and it’s a good idea to change your very important passwords from time to time, however the best policy is to come up with a random and very difficult-to-guess password from the get go.

Happy WordPressing!